Is Aqua Voice Safe? Privacy Mode, Training Silence & Verdict (2026)

TL;DR: Aqua Voice is reasonably safe for general cloud dictation in 2026 if you treat it as a cloud SaaS product. It carries a SOC 2 Type II attestation through Advantage Partners, with a Vanta-managed trust center. Aqua Voice's privacy policy states that with Privacy Mode disabled, “we may securely store transcript data on our servers,” and with Privacy Mode enabled, “transcript data is not collected.” Three structural caveats matter:

• Cloud-only architecture. There is no on-device mode. Every dictation request transmits audio to Aqua Voice's servers.
• Privacy Mode is OFF by default for individuals. A new individual Pro subscriber who never opens settings has transcripts potentially stored on Aqua Voice's servers.
• The privacy policy does not address AI training. Peer cloud dictation products explicitly state that data is not used for training — Aqua Voice's policy is silent on the question. The silence is itself a signal.

For users who cannot accept any audio leaving their Mac, on-device dictation tools like Voibe eliminate the cloud surface entirely. Voibe runs Whisper 100% on-device on Apple Silicon and costs $198 lifetime — versus $288 for 3 years of Aqua Voice Pro Annual, a $90 saving (31% cheaper) over 3 years and $282 (59%) over 5 years.

This article walks through what Aqua Voice actually does with your voice, the Privacy Mode default, the AI-training silence, the SOC 2 attestation framing, a five-step decision framework, and the on-device alternatives that sidestep the question entirely. Every claim is sourced to Aqua Voice's own documentation or named third-party platforms.

Disclosure: Voibe is our product. We compare Voibe to other tools using verifiable facts — Aqua Voice's own privacy policy, FAQ, trust center, and named third-party platforms. Where Aqua Voice's posture is stronger than Voibe's on a specific dimension (SOC 2 attestation, cross-platform reach, real-time text display), we say so.

The rest of this article walks through each row in detail and gives you a five-step Aqua Voice Safety Audit to make your own call.

Aqua Voice is a cloud-first dictation product. The audio you speak into your Mac, Windows PC, or iPhone is encrypted, transmitted across the public internet, processed on Aqua Voice's cloud infrastructure, and only then returned to your device as text. There is no on-device mode — every dictation request requires the audio to leave your Mac. This is the structural fact that defines Aqua Voice's safety profile, and it is the right starting point before any other analysis.

What the Aqua Voice privacy policy documents:

• Account information — name, email address, billing address, and payment information.
• Transcript data — audio inputs processed through transcription services. With Privacy Mode disabled, “we may securely store transcript data on our servers.” With Privacy Mode enabled, “transcript data is not collected.”
• Technical data — IP addresses, browser type and version, operating systems, performance metrics.
• Session metadata — timestamps, device type, and performance metrics. Per the policy, this category may still be collected even when Privacy Mode is enabled.

What the policy does not document:

• Specific subprocessor names. The policy lists service-provider categories ("hosting services, payment processing, customer support, and data analytics") but does not name specific vendors. Peers like Wispr Flow publish full subprocessor lists naming Baseten, OpenAI, Anthropic, and AWS regions; Aqua Voice's public document does not.
• Specific data retention timelines. The policy does not specify how long stored transcript data is retained, or what the deletion timeline is for accounts that are closed.
• Training-data use. Whether stored transcript data is used to train Aqua Voice's proprietary Avalon transcription model — or any other AI model — is not addressed in the policy text.

This is a normal cloud SaaS architecture in most respects. The documentation gaps are normal too — many cloud SaaS startups publish privacy policies at this level of generality. The risk that compounds for sensitive content is the combination of cloud-only architecture plus Privacy Mode off by default plus the silence on training. Each one in isolation is a small concern; together they leave the safety question more open than peer cloud products.

Aqua Voice's flagship privacy feature is Privacy Mode. When enabled, transcript data is not stored on Aqua Voice's servers. When disabled, the privacy policy states “we may securely store transcript data on our servers.” The mechanics matter:

• Default state for individual users. Privacy Mode is OFF by default. An individual Pro subscriber who never opens settings has transcripts potentially stored on Aqua Voice's servers from the first dictation.
• Opt-in path: Settings toggle. Open Aqua Voice settings, find Privacy Mode, switch it on. The setting takes effect for new dictations going forward.
• What Privacy Mode does not stop. Per the privacy policy, even with Privacy Mode enabled, “session metadata, including timestamps, device type, and performance metrics, may still be collected.” That metadata category is not the audio or the transcript — but it is data linked to your account and your dictation behavior.
• Teams and Enterprise plans. Per the Aqua Voice FAQ: “Team plans support centralized billing and an org-wide Privacy Mode.” An admin can enforce Privacy Mode across the entire organization, which is a stronger control than the individual default.

The two-track product structure is a familiar pattern — the same posture exists in Wispr Flow, Cursor, and other cloud-SaaS tools where individual defaults trade convenience for data, while paid org tiers can enforce stricter defaults centrally. The pragmatic individual mitigation is simple: open settings on first launch and turn Privacy Mode on before you dictate anything sensitive. The mitigation works, but it requires the user to know to do it. New subscribers who jump straight into dictation are not opted into the privacy commitment until they take an explicit action.

Most cloud dictation products' privacy policies explicitly address whether user data is used to train AI models. Wispr Flow's privacy policy says: “we may share your data with third-party LLMs in order to provide certain features. Your data is never used to train these services and will be deleted after 30 days.” Typeless's privacy policy says: “Your data is never used to train these services and is configured for zero retention by the providers.” Superwhisper's privacy policy says: “not used for training AI models or any other machine learning purposes.”

Aqua Voice's privacy policy at aquavoice.com/info/privacy, effective May 22, 2025, does not address the training question at all. The policy describes the categories of data collected, the conditions under which transcripts are stored (Privacy Mode disabled), and the conditions under which they are not (Privacy Mode enabled). It does not state whether stored transcripts are used to train Aqua Voice's proprietary Avalon transcription model — or any other AI model.

The honest read: the silence is not a confession of training. It is a documentation gap. Many startups write privacy policies that focus on data categories and processing purposes without separately answering the training question. For most general dictation, this gap rarely matters in practice. For sensitive content, the gap matters because it leaves the answer unverified.

The pragmatic decision framework:

1. If you keep Privacy Mode ON, the training question is moot. With no transcript stored, there is no transcript to train on. Session metadata may still be collected, but metadata does not contain the dictation content itself.
2. If you keep Privacy Mode OFF, treat the training question as open rather than resolved. Stored transcripts could be used for training, could be excluded from training, or could fall under a contractual carve-out — the public document does not say.
3. If a contractual no-training commitment matters for your workflow, request it in writing from Aqua Voice support. A written confirmation in your inbox is more useful than a privacy-policy interpretation.

Voibe sidesteps the training question architecturally. Per Voibe's privacy policy: “The Voibe application processes your voice entirely on your device. No audio is transmitted to our servers at any point.” If audio never leaves the Mac, there is nothing to train on. The training question does not require a contractual answer when the architectural answer already removes the possibility.

Aqua Voice's compliance posture is anchored to a SOC 2 Type II attestation, performed by Advantage Partners and accessible through a Vanta-managed trust center. The Aqua Voice FAQ confirms the certification: “You can view our security certifications, compliance reports, and data handling practices at our Trust Center.”

What SOC 2 Type II tells you:

• Independent attestation that controls exist and were tested over a defined window. Type II is the stronger variant — a Type I report only attests that controls are designed correctly at a point in time; Type II tests whether they actually operated effectively across a period (typically 6–12 months).
• Coverage of one or more Trust Service Criteria. SOC 2 reports cover Security (mandatory), and optionally Availability, Confidentiality, Processing Integrity, and Privacy. Different scopes mean different things — a Security-only SOC 2 says less than a Security + Confidentiality + Privacy SOC 2.
• A procurement-clearing artifact. Many enterprise compliance teams will not procure a SaaS tool without a SOC 2 Type II report. The certification clears that gate.

What SOC 2 Type II does not tell you:

• Whether stored data is used for AI training. SOC 2 does not directly address this — it audits controls against a stated policy, not the policy's content. If the privacy policy is silent on training, SOC 2 will not fill the gap.
• Which specific subprocessors handle your audio. SOC 2 covers vendor management as a control category, but does not require the audited entity to publicly disclose its subprocessor list.
• What the contractual retention and deletion timelines are. SOC 2 audits whether the vendor follows its stated retention policy — but the policy itself can be vague.
• Whether the audit firm is established. The recent Delve compliance scandal demonstrated that not every SOC 2 audit firm operates at the same quality bar — some have been credibly accused of generating templated reports with pre-populated conclusions. Advantage Partners has not been named in the Deepdelver investigation as of April 2026, which is a positive signal, but smaller audit firms generally carry less industry recognition than household-name auditors like A-LIGN, Schellman, or BDO.

The pragmatic read: Aqua Voice's SOC 2 Type II clears the procurement gate for many use cases, and is a meaningful step beyond "trust us." For regulated workflows or security-mature enterprises, request the SOC 2 report itself from Aqua Voice's trust center, review the scope and the controls tested, and verify the attestation period covers a window relevant to your decision. The report is the document — the certification is just the headline.

The deeper lesson from comparing Aqua Voice's posture against on-device alternatives is the same as it is for every cloud dictation product: there is a difference between architectural privacy and audited privacy. Cloud dictation is a policy-and-trust product — you trust the vendor's commitments, the auditor's verification, the subprocessors' diligence, and the policies' continuity. On-device dictation is an architecture-and-physics product — the audio is processed on your device's chip, never crosses the network, and is discarded after transcription.

Five things audit-based privacy cannot do that on-device architecture can:

• Survive a policy change. A privacy policy can be updated with 30 days' notice. The same servers operating under "transcripts not collected" today can store data tomorrow under a revised policy. Audio that never crosses your network boundary cannot be stored by a future policy.
• Survive a subprocessor incident. Aqua Voice does not publicly name its subprocessors, but the cloud architecture means at least a hosting provider, a payments processor, an analytics platform, and a customer support system handle account-linked data. Each is its own risk surface. On-device processing has zero subprocessors for dictation data.
• Survive an acquisition. When a cloud SaaS startup is acquired, customer data becomes an asset under new governance. A privacy-first startup's commitments do not necessarily survive a change in ownership. On-device data has nothing to transfer.
• Survive a documentation gap. The current Aqua Voice privacy policy does not address AI training. A user who decides Aqua Voice is safe today is making that decision under documentation uncertainty. On-device dictation has nothing to document because there is nothing to send.
• Survive legal compulsion. A subpoena or national security letter can compel a vendor to preserve and disclose data normally discarded. On-device processing removes this vector — there is no preserved data, and the vendor cannot produce what it never had.

None of this means cloud dictation is unusable. It means cloud dictation is a contract-driven privacy product, and the contract is only as strong as the documentation, the auditor, and the policies' continuity. For most general dictation, that is acceptable. For confidential, privileged, regulated, or compliance-audited work, architecture is the stronger guarantee. For a deeper treatment of this distinction, see our cloud vs. local dictation guide and voice data privacy guide.

Use the Aqua Voice Safety Decision Tree to decide whether Aqua Voice is safe enough for your specific situation. The five questions, in order, take you from the lowest-risk use case to the highest. Stop at the first question where you cannot accept the answer Aqua Voice currently provides.

1. Are you dictating only general content (drafts, emails, notes, AI prompts, casual messages)? If yes — Aqua Voice with Privacy Mode enabled is reasonable. If you are dictating confidential, privileged, or regulated content, continue to question 2.
2. Will you actively turn on Privacy Mode in settings before your first dictation? If yes — transcripts will not be stored on Aqua Voice's servers. Continue to question 3. If no — accept that the default behavior allows transcript storage on Aqua Voice's servers, with no documented commitment that those transcripts are excluded from AI training.
3. Are you on a Teams or Enterprise plan with admin-enforced org-wide Privacy Mode? If yes — your organization's centralized control is stronger than the individual default. Continue to question 4. If no, you are relying on each user to flip the toggle themselves.
4. Is the content covered by HIPAA, attorney-client privilege, NDA, or compliance regulation? If no — Aqua Voice with Privacy Mode is a reasonable cloud product. If yes — Aqua Voice does not advertise HIPAA / BAA, and the privacy policy's silence on AI training is a procurement blocker for many regulated workflows. Skip to question 5.
5. Are you comfortable with audio leaving your Mac under any circumstances? If yes — Aqua Voice's cloud-only architecture is acceptable for most workflows with Privacy Mode on. If no, only on-device dictation will satisfy you. Voibe, VoiceInk, and Apple Dictation are the three Mac-native options.

The pattern: the further you progress through the tree, the more on-device architecture wins. For the first three questions, Aqua Voice is workable as a cloud product with the right configuration. By question 4, the absence of HIPAA and the AI-training silence become structural blockers. By question 5, the architectural answer beats the policy answer.

If Aqua Voice's cloud-only architecture, default-off Privacy Mode, or AI-training silence concerns you, the architectural answer is on-device dictation. Three Mac-native options process audio entirely on Apple Silicon's Neural Engine using OpenAI Whisper models — audio never leaves the device, no transcript-storage toggle is needed, and the AI-training question is moot because there is nothing to train on.

Side-by-side cost picture against Aqua Voice Pro Annual ($96/year):

• After 1 year: Aqua Voice Pro = $96; Voibe lifetime = $198. Voibe is more expensive year 1.
• After 2 years: Aqua Voice Pro = $192; Voibe lifetime = $198. Roughly even — Voibe pulls ahead at month 25.
• After 3 years: Aqua Voice Pro = $288; Voibe lifetime = $198. Voibe is $90 cheaper (31% saving).
• After 5 years: Aqua Voice Pro = $480; Voibe lifetime = $198. Voibe is $282 cheaper (59% saving).
• Voibe pays for itself against Aqua Voice Pro Annual at ~25 months, then keeps working forever with no recurring cost.

For a deeper Aqua Voice pricing breakdown, see our Aqua Voice pricing guide. For an open-source on-device option with an auditable codebase, see VoiceInk pricing. For the cross-tool roundup, see our best offline dictation apps.

Honest tradeoffs: Aqua Voice's Avalon model offers tuning for technical vocabulary that an out-of-the-box on-device Whisper deployment may not match, and Aqua Voice's real-time text display is genuinely useful when you want to see transcription as you speak. Voibe ships a real on-device dictionary that influences the Whisper transcription itself (not a post-transcription find-and-replace), which addresses the same technical-vocabulary need without sending audio to the cloud. If real-time text display is the dealbreaker feature for you, Aqua Voice still wins on that specific dimension.

Voibe is a Mac-native dictation app built around a single architectural principle: your audio never leaves the device. Voibe runs OpenAI Whisper models on Apple Silicon's Neural Engine. When you press your hotkey, audio is captured into memory, transcribed by the local Whisper model, written into the active text field, and discarded. No cloud servers, no third-party LLM providers, no transcript storage, no Privacy Mode toggle to remember, no AI-training disclosure to verify because there is no audio to train on.

Mapped against the safety questions raised by the Aqua Voice profile:

• Architecture. Voibe processes audio on the Apple Silicon Neural Engine. There are no cloud servers, no transcription endpoints, no third-party LLM providers in the dictation path.
• Privacy Mode default. Not applicable. Voibe's privacy posture is the same regardless of any setting. There is no Privacy Mode toggle because there is no transcript storage to toggle off.
• AI training disclosure. Not applicable. Voibe's privacy policy at getvoibe.com/privacy states: “The Voibe application processes your voice entirely on your device. No audio is transmitted to our servers at any point.” If audio never leaves the Mac, there is nothing to train on.
• Subprocessor list. Voibe has no subprocessors for dictation data because none is transmitted. There is nothing to list.
• Compliance audit dependency. Voibe does not currently hold a SOC 2 attestation, and we say so plainly. The structural difference is that an on-device-only architecture does not require a SOC 2 to be safe — there is no data flow to audit. For regulated workflows, our HIPAA dictation guide walks through the architectural HIPAA framing.
• Permissions. Voibe requests microphone access and macOS accessibility permission — the minimum surface required to capture audio and paste text into the active field. No screen recording, no camera, no full-disk access.
• Network monitor. Run Little Snitch during a Voibe dictation session. Outbound traffic from Voibe during transcription is zero.
• Account. Voibe does not require an account to dictate.

Pricing: $9.90/month, $89.10/year, or $198 lifetime for unlimited dictation on Apple Silicon Macs (M1 through M4). Voibe also includes a Developer Mode for VS Code and Cursor with file/folder name resolution — useful for technical workflows where Aqua Voice's Avalon-tuned cloud model is the typical choice.

Try Voibe for Free — install, grant microphone and accessibility permissions, and dictate. No account, no credit card, no audio leaving your Mac, no Privacy Mode toggle to remember.

Aqua Voice is reasonably safe for general cloud dictation in April 2026, with appropriate configuration. It carries a SOC 2 Type II attestation through Advantage Partners, supports a Privacy Mode that prevents transcript storage when enabled, and has no public breach incidents on record. For most non-regulated users who manually enable Privacy Mode on first launch, Aqua Voice's cloud architecture is an acceptable trade-off — particularly for users who specifically need the Avalon transcription model or real-time text display.

It is not the right tool for several use cases. Privacy Mode being off by default for individuals is a silent gap that requires user action to close. The privacy policy's silence on AI model training leaves an open question for sensitive content. The absence of a public HIPAA BAA makes Aqua Voice unsuitable for healthcare workflows. The cloud-only architecture means every dictation requires audio to leave your Mac — there is no fallback to a local mode.

The pattern this represents — "defaults matter, and silence matters" — is broader than Aqua Voice. The single highest-leverage step a new Aqua Voice user can take is to open settings on first launch and enable Privacy Mode before the first dictation. The single highest-leverage step a regulated workflow can take is to request the SOC 2 report and a written no-training confirmation from Aqua Voice support. The single highest-leverage step for users who cannot accept any cloud surface is to switch to on-device dictation and remove the question entirely.

If Aqua Voice is on your shortlist, run the Aqua Voice Safety Audit: enable Privacy Mode immediately, request the SOC 2 report from the trust center, request a written no-training confirmation from support, monitor outbound traffic with Little Snitch, and revisit on each privacy-policy revision date. If those steps feel like more diligence than you want to spend on a $96/year subscription that grows to $480 over 5 years, Voibe at $198 lifetime sidesteps every one of them by removing the cloud surface entirely.

For further reading, see our Aqua Voice pricing breakdown. For sibling safety investigations in the same series, see Is Wispr Flow Safe? (cloud subprocessors + Delve audit scandal), Is Superwhisper Safe? (on-device modes + cloud-mode gap + local recordings), Is Willow Voice Safe? (Private Mode default-on — the most privacy-protective default in the cloud dictation category — and the HIPAA marketing-vs-policy gap), Is Otter Safe? (meeting transcription + visible-bot consent class action), Is Dragon Safe? (Microsoft-owned three-product line), and Is Claude Code Safe? (developer-tool parallel: Pro/Max trains by default after Aug 2025 vs Commercial Terms no-training default). For the broader privacy-investigation pattern, see our Typeless privacy issues piece and our Apple Dictation privacy guide. For comparisons, see Aqua Voice vs. Wispr Flow, Typeless vs. Aqua Voice, and the broader comparison hub. For a continuously-updated cross-product reference covering ChatGPT, Claude, Gemini, Cursor, Copilot, Voibe, and the rest of the Aqua Voice peer set on training, retention, and on-device support, see our AI Tool Privacy Tracker. For deeper architectural framing, see the voice data privacy guide, the cloud vs. local dictation guide, the offline dictation privacy on Mac explainer, and the complete dictation privacy hub.